<section>
  {{#unless isEnabled}}
    <div class="banner bg-warning">
      <div class="banner-icon"><span class="icon icon-alert"></span></div>
      <div class="banner-message">
        <p>{{t 'ldap.header.disabled.label' providerName=(t providerName)}}</p>
      </div>
    </div>
  {{/unless}}
</section>

{{#accordion-list showExpandAll=false  as |al expandFn|}}
  {{#if isEnabled}}
    {{#accordion-list-item
         classNames="mt-30"
         detail=(t 'ldap.accessConfig.subtext1' providerName=(t providerName) htmlSafe=true)
         expand=(action expandFn)
         expandAll=al.expandAll
         expandOnInit=true
         expanded=true
         showExpand=false
         title=(t 'ldap.accessEnabled.header')
    }}
      <section class="">
        <div class="clearfix">
          <div class="pull-right">
            <button class="btn btn-sm bg-primary" {{action "edit"}}>
              {{t 'generic.edit'}}
            </button>
            <button class="btn btn-sm right-divider-btn bg-error" {{action "disable"}}>
              {{t 'ldap.accessEnabled.disable.confirmDisable.pre'}}
            </button>
          </div>
        </div>
        <hr/>
        <p class="text-info">{{t 'ldap.accessEnabled.subtext'}}</p>

        <div class="row">
          <div class="col span-4 force-wrap">
            <h3>{{t 'ldap.accessEnabled.general.header'}}</h3>
            <div><b>{{t 'ldap.accessEnabled.general.server'}} </b> <span class="text-muted">{{authConfig.servers.firstObject}}:{{authConfig.port}}</span></div>
            <div><b>{{t 'ldap.accessEnabled.general.tls'}} </b> <span class="text-muted">{{if authConfig.tls "Yes" "No"}}</span></div>
            {{#if authConfig.serviceAccountUsername}}
              <div><b>{{t 'ldap.accessEnabled.general.serviceAccount'}} </b> <span class="text-muted">{{authConfig.serviceAccountUsername}}</span></div>
            {{/if}}
            {{#if authConfig.serviceAccountDistinguishedName.labelText}}
              <div><b>{{t 'ldap.accessEnabled.serviceAccountDistinguishedName'}} </b> <span class="text-muted">{{authConfig.serviceAccountDistinguishedName}}</span></div>
            {{/if}}
            {{#if (eq authConfig.type "activeDirectoryConfig")}}
              <div><b>{{t 'ldap.accessEnabled.general.defaultDomain'}} </b> <span class="text-muted">{{authConfig.defaultLoginDomain}}</span></div>
            {{/if}}
            <div><b>{{t 'ldap.accessEnabled.connectionTimeout.labelText'}}</b> <span class="text-muted">{{authConfig.connectionTimeout}}</span></div>
          </div>
          <div class="col span-4 force-wrap">
            <h3>{{t 'ldap.accessEnabled.users.header'}}</h3>
            <div class="force-wrap"><b>{{t 'ldap.accessEnabled.general.searchBase'}} </b> <span class="text-muted">{{authConfig.userSearchBase}}</span></div>
            <div><b>{{t 'ldap.accessEnabled.users.objectClass'}} </b> <span class="text-muted">{{authConfig.userObjectClass}}</span></div>
            <div><b>{{t 'ldap.accessEnabled.users.login'}} </b> <span class="text-muted">{{authConfig.userLoginAttribute}}</span></div>
            <div><b>{{t 'ldap.accessEnabled.users.name'}} </b> <span class="text-muted">{{authConfig.userNameAttribute}}</span></div>
            <div><b>{{t 'ldap.accessEnabled.users.search'}} </b> <span class="text-muted">{{authConfig.userSearchAttribute}}</span></div>
            {{#if authConfig.userSearchFilter}}
              <div><b>{{t 'ldap.accessEnabled.users.searchFilter'}} </b> <span class="text-muted">{{authConfig.userSearchFilter}}</span></div>
            {{/if}}
            <div><b>{{t 'ldap.accessEnabled.users.enabled'}} </b> <span class="text-muted">{{authConfig.userEnabledAttribute}}</span></div>
            <div><b>{{t 'ldap.accessEnabled.users.disabledBitMask'}} </b> <span class="text-muted">{{authConfig.userDisabledBitMask}}</span></div>
          </div>
          <div class="col span-4 force-wrap">
            <h3>{{t 'ldap.accessEnabled.group.header'}}</h3>
            <div class="force-wrap"><b>{{t 'ldap.accessEnabled.general.searchBase'}} </b> <span class="text-muted">{{authConfig.groupSearchBase}}</span></div>
            <div><b>{{t 'ldap.accessEnabled.group.objectClass'}} </b> <span class="text-muted">{{authConfig.groupObjectClass}}</span></div>
            <div><b>{{t 'ldap.accessEnabled.group.name'}} </b> <span class="text-muted">{{authConfig.groupNameAttribute}}</span></div>
            <div><b>{{t 'ldap.accessEnabled.group.search'}} </b> <span class="text-muted">{{authConfig.groupSearchAttribute}}</span></div>
            {{#if authConfig.groupSearchFilter}}
              <div><b>{{t 'ldap.accessEnabled.group.searchFilter'}} </b> <span class="text-muted">{{authConfig.groupSearchFilter}}</span></div>
            {{/if}}
          </div>
        </div>
      </section>
    {{/accordion-list-item}}

  {{/if}}

  {{#if (or (not isEnabled) editing)}}
    {{#accordion-list-item
         classNames="mt-30"
         detail=(t 'ldap.accessConfig.subtext1' providerName=(t providerName) htmlSafe=true)
         expand=(action expandFn)
         expandAll=al.expandAll
         expandOnInit=true
         expanded=true
         showExpand=false
         title=(t 'ldap.accessConfig.header' providerName=(t providerName))
    }}
      <section class="">
        <div class="row">
          <div class="col span-6 mb-0">
            <div class="inline-form">
              <label class="acc-label pb-5">{{t 'model.openldapconfig.server.label'}}{{field-required}}</label>
              {{input value=configServers classNames="form-control"}}
            </div>
          </div>
          <div class="col span-6 mb-0">
            <label class="acc-label pb-5">{{t 'ldap.accessConfig.port.labelText'}}</label>
            <div class="input-group">
              {{input-integer value=authConfig.port min=1 max=65535 classNames="form-control"}}
              <span class="input-group-addon bg-default">
                <label>{{t 'ldap.accessConfig.port.checkbox'}} {{input type="checkbox" checked=authConfig.tls}}</label>
              </span>
            </div>
          </div>
        </div>
        {{#if authConfig.tls}}
          <hr/>
          <div class="row pt-10">
            <div class="col span-12 input-group mt-0">
              {{input-text-file
                  label='ldap.customizeSchema.cert.labelText'
                  value=authConfig.certificate
                  canChangeName=false
                  accept="text/plain,.pem,.pkey,.key"
                  minHeight=60
                  placeholder="ldap.customizeSchema.cert.placeholder"
                  shouldChangeName=false
              }}
              <p class="help-block">{{t 'ldap.customizeSchema.cert.helpText'}}</p>
            </div>
          </div>
        {{/if}}
        <div class="row">
          <div class="col span-6 mb-0">
            <label class="acc-label pb-5">{{t 'ldap.accessConfig.connectionTimeout.labelText'}}{{field-required}}</label>
            <div class="input-group">
              {{input-integer value=authConfig.connectionTimeout min=1 classNames="form-control"}}
              <span class="input-group-addon bg-default"><label>{{t 'generic.milliseconds'}}</label></span>
            </div>
          </div>
        </div>
        <hr class="mt-30 mb-30"/>
        <p class="text-info mb-0">{{t 'ldap.accessConfig.subtext2' appName=settings.appName}}</p>
        <div class="row">
          {{#if (eq authConfig.type "activeDirectoryConfig")}}
            <div class="col span-6">
              <div class="inline-form">
                <label class="acc-label pb-5">{{t 'model.openldapconfig.serviceAccountUsername.label'}}{{field-required}}</label>
                {{input value=authConfig.serviceAccountUsername classNames="form-control"}}
              </div>
            </div>
          {{else}}
            <div class="col span-6">
              <div class="inline-form">
                <label class="acc-label pb-5">{{t 'ldap.accessConfig.serviceAccountDistinguishedName.labelText'}}{{field-required}}</label>
                {{input value=authConfig.serviceAccountDistinguishedName classNames="form-control"}}
              </div>
            </div>
          {{/if}}
          <div class="col span-6">
            <div class="inline-form">
              <label class="acc-label pb-5">{{t 'model.openldapconfig.serviceAccountPassword.label'}}{{field-required}}</label>
              {{input type="password" value=authConfig.serviceAccountPassword classNames="form-control"}}
            </div>
          </div>
        </div>
        {{#if (eq authConfig.type "activeDirectoryConfig")}}
          <div class="row">
            <div class="col span-6">
              <div class="inline-form">
                <label class="acc-label pb-5">{{t 'ldap.accessConfig.defaultDomain.labelText'}}</label>
                {{input value=authConfig.defaultLoginDomain classNames="form-control" placeholder=(t 'ldap.accessConfig.defaultDomain.placeholder')}}
                <p class="help-block">{{t 'ldap.accessConfig.defaultDomain.helpText'}}</p>
              </div>
            </div>
          </div>
        {{/if}}

        <div class="row">
          <div class="col span-6">
            <div class="inline-form">
              <label class="acc-label pb-5">{{t 'ldap.customizeSchema.users.searchBase.labelText'}}{{field-required}}</label>
              {{input value=authConfig.userSearchBase classNames="form-control" placeholder=(t 'ldap.accessConfig.userSearchBase.placeholder')}}
              <p class="help-block">{{t 'model.openldapconfig.domain.help'}}</p>
            </div>
          </div>
          <div class="col span-6">
            <div class="inline-form">
              <label class="acc-label pb-5">{{t 'ldap.accessConfig.groupSearchBase.labelText'}}</label>
              {{input value=authConfig.groupSearchBase classNames="form-control" placeholder=(t 'ldap.accessConfig.groupSearchBase.placeholder')}}
              <p class="help-block">{{t 'ldap.accessConfig.groupSearchBase.helpText'}}</p>
            </div>
          </div>
        </div>
      </section>
    {{/accordion-list-item}}

    {{#accordion-list-item
         title=(t 'ldap.customizeSchema.header')
         detail=(t 'ldap.customizeSchema.helpText')
         expandAll=al.expandAll
         expand=(action expandFn)
    }}
      <section class="">
        <div class="row">
          <div class="col span-6">
            <h3>{{t 'ldap.customizeSchema.users.header'}}</h3>
            <div class="pb-20">
              <label class="acc-label pb-5">{{t 'ldap.customizeSchema.users.objectClass.labelText'}}</label>
              {{input value=authConfig.userObjectClass classNames="form-control"}}
            </div>
            <div class="pb-20">
              <label class="acc-label pb-5">{{t 'ldap.customizeSchema.users.name.labelText'}}</label>
              {{input value=authConfig.userNameAttribute classNames="form-control"}}
            </div>
            <div class="pb-20">
              <label class="acc-label pb-5">{{t 'ldap.customizeSchema.users.login.labelText'}}</label>
              {{input value=authConfig.userLoginAttribute classNames="form-control"}}
            </div>
            <div class="pb-20">
              <label class="acc-label pb-5">{{t 'ldap.customizeSchema.users.userMemberAttribute.labelText'}}</label>
              {{input value=authConfig.userMemberAttribute classNames="form-control"}}
            </div>
            <div class="pb-20">
              <label class="acc-label pb-5">{{t 'ldap.customizeSchema.users.search.labelText'}}</label>
              {{input value=authConfig.userSearchAttribute classNames="form-control"}}
            </div>
            <div class="pb-20">
              <label class="acc-label pb-5">{{t 'ldap.customizeSchema.users.searchFilter.labelText'}}</label>
              {{input value=authConfig.userSearchFilter classNames="form-control"}}
            </div>
            <div class="pb-20">
              <label class="acc-label pb-5">{{t 'ldap.customizeSchema.users.enabledAttribute.labelText'}}</label>
              {{input value=authConfig.userEnabledAttribute classNames="form-control"}}
            </div>
            <div class="pb-20">
              <label class="acc-label pb-5">{{t 'ldap.customizeSchema.users.disabledBitMask.labelText'}}</label>
              {{input-integer value=authConfig.userDisabledBitMask min=1 classNames="form-control"}}
            </div>
          </div>
          <div class="col span-6">
            <h3>{{t 'ldap.customizeSchema.groups.header'}}</h3>
            <div class="pb-20">
              <label class="acc-label pb-5">{{t 'ldap.customizeSchema.groups.objectClass.labelText'}}</label>
              {{input value=authConfig.groupObjectClass classNames="form-control"}}
            </div>
            <div class="pb-20">
              <label class="acc-label pb-5">{{t 'ldap.customizeSchema.groups.name.labelText'}}</label>
              {{input value=authConfig.groupNameAttribute classNames="form-control"}}
            </div>
            <div class="pb-20">
              <label class="acc-label pb-5">{{t 'ldap.customizeSchema.groups.groupMemberUser.labelText'}}</label>
              {{input value=authConfig.groupMemberUserAttribute classNames="form-control" placeholder=(t 'ldap.customizeSchema.groups.groupMemberUser.placeholder')}}
            </div>
            <div class="pb-20">
              <label class="acc-label pb-5">{{t 'ldap.customizeSchema.groups.search.labelText'}}</label>
              {{input value=authConfig.groupSearchAttribute classNames="form-control"}}
            </div>
            <div class="pb-20">
              <label class="acc-label pb-5">{{t 'ldap.customizeSchema.groups.searchFilter.labelText'}}</label>
              {{input value=authConfig.groupSearchFilter classNames="form-control"}}
            </div>
            <div class="pb-20">
              <label class="acc-label pb-5">{{t 'ldap.customizeSchema.groups.groupMemberMapping.labelText'}}</label>
              {{input value=authConfig.groupMemberMappingAttribute classNames="form-control"}}
            </div>
            <div class="pb-20">
              <label class="acc-label pb-5">{{t 'ldap.customizeSchema.groups.groupDN.labelText'}}</label>
              {{input value=authConfig.groupDNAttribute classNames="form-control" placeholder=(t 'ldap.customizeSchema.groups.groupDN.placeholder')}}
            </div>
            {{#if (not-eq authConfig.id "freeipa")}}
              <div class="pb-20">
                <label class="acc-label pb-5">{{t 'ldap.customizeSchema.groups.nestedGroup.title'}}</label>
                <div class="radio">
                  <label class="acc-label pb-5">
                    {{radio-button selection=authConfig.nestedGroupMembershipEnabled value=false}}
                    {{t 'ldap.customizeSchema.groups.nestedGroup.disabled.labelText'}}
                  </label>
                </div>
                <div class="radio">
                  <label class="acc-label pb-5">
                    {{radio-button selection=authConfig.nestedGroupMembershipEnabled value=true}}
                    {{t 'ldap.customizeSchema.groups.nestedGroup.enabled.labelText'}}
                    <p class="help-block">{{t 'ldap.customizeSchema.groups.nestedGroup.enabled.helpText'}}</p>
                  </label>
                </div>
              </div>
            {{/if}}
          </div>
        </div>
      </section>
    {{/accordion-list-item}}

    {{#accordion-list-item
         detail=(t 'ldap.testAuth.helpText' providerName=(t providerName))
         expand=(action expandFn)
         expandAll=al.expandAll
         expandOnInit=true
         expanded=true
         showExpand=false
         title=(t 'ldap.testAuth.header')
    }}
      <section class="">
        <div class="row">
          <div class="col span-6">
            <div class="inline-form">
              <label class="acc-label pb-5">{{t 'ldap.testAuth.userName.labelText'}}{{field-required}}</label>
              {{input value=username classNames="form-control"}}
            </div>
          </div>
          <div class="col span-6">
            <div class="inline-form">
              <label class="acc-label pb-5">{{t 'ldap.testAuth.password.labelText'}}{{field-required}}</label>
              {{input type="password" value=password classNames="form-control"}}
            </div>
          </div>
        </div>
        <div class="row">
          {{top-errors errors=errors}}
          <div class="col span-12">
            {{save-cancel
                editing=editing
                save="test"
                saveDisabled=createDisabled
                cancel="cancel"
                createLabel='ldap.testAuth.authenticate.pre'
                savingLabel='ldap.testAuth.authenticate.post'
                btnLabel=providerSaveLabel
                saving=testing
            }}
          </div>
        </div>
      </section>
    {{/accordion-list-item}}
  {{/if}}

  {{#if isEnabled}}
    {{#accordion-list-item
         classNames="mt-30"
         detail=(t 'siteAccess.helpText' appName=settings.appName htmlSafe=true)
         expand=(action expandFn)
         expandAll=al.expandAll
         expandOnInit=true
         expanded=true
         showExpand=false
         title=(t 'siteAccess.header')
    }}
      {{site-access
          model=authConfig
          principals=model.principals
          collection='siteAccess.organizations'
      }}
    {{/accordion-list-item}}
  {{/if}}
{{/accordion-list}}
